> tcp_tw_recycle is incompatible with NAT on the server side ... because it will enforce the verification of TCP time stamps. Unless all clients behind a NAT (actually PAD/masquerading) device use identical timestamps (within a certain range), most of them will send invalid TCP timestamps so SYNs will get dropped.

This issue had also kept me busy for long hours, and the basic insight is simple: premature optimization is the root of all evil ;-), or, less philosophically, don't tune experimental parameters (the kernel docs are very clear about this!).

Nils
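
The failure mode described in this thread, as an added example that is not part of the original post and is not kernel code: a simplified Python model of a server that remembers one TCP timestamp per source IP and drops SYNs whose timestamp goes backwards. The class and function names, the 60-second and 1-tick constants, the 1 kHz timestamp clock and the sample addresses are assumptions made for illustration.

```python
# Simplified model of the per-source-IP timestamp check that tcp_tw_recycle
# enables on the server. Not kernel code; the constants are assumptions.
PAWS_MSL = 60      # seconds a remembered timestamp stays relevant (assumed)
PAWS_WINDOW = 1    # tolerated backwards step in timestamp ticks (assumed)


class RecycleServer:
    """Remembers the last TCP timestamp seen per source IP address."""

    def __init__(self):
        self.peers = {}  # source IP -> (last TSval, wall-clock time recorded)

    def on_syn(self, src_ip, tsval, now):
        """Return True if the SYN is accepted, False if it is dropped."""
        seen = self.peers.get(src_ip)
        if seen is not None:
            last_ts, stamp = seen
            # A fresh record plus a TSval that went backwards looks like an
            # old duplicate segment, so the SYN is silently discarded.
            if now - stamp < PAWS_MSL and last_ts - tsval > PAWS_WINDOW:
                return False
        self.peers[src_ip] = (tsval, now)
        return True


def simulate(clients, syn_order, recycle=True):
    """clients: name -> (visible source IP, timestamp clock offset in ticks).
    syn_order: list of (wall-clock second, client name). Returns outcomes."""
    server = RecycleServer()
    results = []
    for now, name in syn_order:
        src_ip, offset = clients[name]
        tsval = offset + now * 1000  # constructed 1 kHz timestamp clock
        ok = server.on_syn(src_ip, tsval, now) if recycle else True
        results.append((name, ok))
    return results


# Constructed sample: three hosts with different uptimes behind one NAT address.
NAT_IP = "203.0.113.10"
CLIENTS = {"a": (NAT_IP, 9_000_000), "b": (NAT_IP, 500_000), "c": (NAT_IP, 9_500_000)}
ORDER = [(0, "a"), (1, "b"), (2, "c"), (3, "b"), (4, "a")]

if __name__ == "__main__":
    for name, ok in simulate(CLIENTS, ORDER):
        print(name, "accepted" if ok else "dropped")
```

Only the host whose timestamp clock is currently the highest behind the shared address gets through; the same hosts on distinct source addresses are all accepted.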
